CVE-2026-1343

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows an attacker to contact internal authentication endpoints which are protected by the Reverse Proxy.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7268253	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:security_verify_access::::::::
	cpe:2.3:a:ibm:security_verify_access_container::::::::
	cpe:2.3:a:ibm:verify_identity_access::::::::
	cpe:2.3:a:ibm:verify_identity_access_container::::::::

History

09 Apr 2026, 18:27

Type	Values Removed	Values Added
First Time		Ibm security Verify Access Ibm verify Identity Access Container Ibm security Verify Access Container Ibm Ibm verify Identity Access
References	~~() https://www.ibm.com/support/pages/node/7268253 -~~	() https://www.ibm.com/support/pages/node/7268253 - Vendor Advisory
CPE		cpe:2.3:a:ibm:verify_identity_access:::::::: cpe:2.3:a:ibm:verify_identity_access_container:::::::: cpe:2.3:a:ibm:security_verify_access:::::::: cpe:2.3:a:ibm:security_verify_access_container::::::::

08 Apr 2026, 01:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-08 01:16

Updated : 2026-04-09 18:27

NVD link : CVE-2026-1343

Mitre link : CVE-2026-1343

CVE.ORG link : CVE-2026-1343

JSON object : View

Products Affected

ibm

verify_identity_access_container
security_verify_access
security_verify_access_container
verify_identity_access

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2026-1343", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 3.9}]}, "published": "2026-04-08T01:16:40.503", "references": [{"url": "https://www.ibm.com/support/pages/node/7268253", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows an attacker to contact internal authentication endpoints which are protected by the Reverse Proxy."}], "lastModified": "2026-04-09T18:27:45.447", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C71B5C3B-4B1F-4330-9260-26B349CAE490", "versionEndIncluding": "10.0.9.1", "versionStartIncluding": "10.0.0"}, {"criteria": "cpe:2.3:a:ibm:security_verify_access_container:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "674B3E72-09DE-48D4-9F07-43152474E8CD", "versionEndIncluding": "10.0.9.1", "versionStartIncluding": "10.0.0.0"}, {"criteria": "cpe:2.3:a:ibm:verify_identity_access:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "980521A4-FDCB-4EC4-9871-6CD57DEC14E1", "versionEndIncluding": "11.0.2.0", "versionStartIncluding": "11.0.0.0"}, {"criteria": "cpe:2.3:a:ibm:verify_identity_access_container:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FDCBF44-E483-4248-A39E-CB9226FF4BC9", "versionEndIncluding": "11.0.2.0", "versionStartIncluding": "11.0.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}